• Job Description

  Req#: 12877

  Research, implement and manage tools used for proactive monitoring of security threats. Manage incident response, conduct internal reviews on a periodic basis to measure compliance with policy and assist in external audits and assessments. Develop culture of security and conduct ongoing security awareness program. Assist in establishing company information security program. Active participation in all projects for security requirements to ensure that all projects incorporates security requirements. Ensures that technology risks are identified and managed according to the risk culture of the enterprise and advises management about risks to the business due to the implementation of technology used to operate the business. S/he will also perform compliance activities to ensure the successful implementation of the program and consult with technical and business teams regarding their changing business and technical plans to ensure that information security issues are addressed early in a project's lifecycle.

  • Investigate intrusion incidents, conduct forensic investigations, and mount incident responses.
  • Configure and install security infrastructure including but not limited to firewalls, VPN, IDS/IPS, Anti-Malware and web/mail Filtering solutions.
  • Implement and upgrade security measures and controls.
  • Perform vulnerability testing, risk analyses and security assessments.
  • Recommend and install appropriate tools and countermeasures.
  • Create new ways to solve existing production security issues.
  • Collaborate with colleagues on authentication, authorization, and encryption solutions.
  • Evaluate new technologies and processes that enhance security capabilities.
  • Participate in evaluating new hardware and software technologies and provide an assessment of the risks/vulnerabilities and recommend mitigation strategies.
  • Test security solutions using industry standard analysis criteria.
  • Implement strategies to improve the reliability and security of IT projects.
  • Defend systems against unauthorized access, modification and/or destruction.
  • Development and maintenance of the Company information security program, including policies, standards, and guidelines to protect information against unauthorized modification or loss.
  • Act as a liaison on security matters between Internal Audit and IT, reviewing all audit reports and responses to ensure timeliness and effectiveness of corrective actions.
  • Contribute to the evolution of the risk analysis and IT workflow processes.
  • Provide management with regularly scheduled "State of the Information Security Program" reports.
  • Advise management of changes in the technical, legal, and regulatory arenas affecting information security and computer crime.
  • Develop and foster relationships with both business and technology customers and maintain strong relationships with technical teams.

  EDUCATION

  • Bachelor’s degree in computer science or related field required.
  • Combinations of relevant education and experience may be considered in lieu of a degree.
  • Continuous learning, as defined by the Company’s learning philosophy, is required.
  • Certification or progress toward certification is highly preferred and encouraged.

  EXPERIENCE

  • 7 years of progressively more responsible experience in an IT, information security, multiple computing environments, information security applications, or related environment with demonstrated technical knowledge which provides the necessary skills, knowledge, and abilities.
  • Certifications in GIAC, CISSP, SSCP, CISM, CEH, CISA, or Security+ preferred.

  QUALIFICATIONS

  • Ability to research security utilizing various resources.
  • Thorough knowledge of the Internet as an information resource and related networking and security technologies.
  • Thorough knowledge of OSI layers 1-4
  • Knowledge and experience with Palo Alto Next-Generation Firewalls
  • Hands on experience in multiple security areas such as: Intrusion Detection Prevention, Enterprise Anti-Virus, Identity and Access Management, Threat Management and Vulnerability Management.
  • Excellent oral and written communication skills.
  • Ability to effectively present budgetary and/or cost information and respond to questions as appropriate.
  • Ability to establish work flows, manages multiple projects, and meet necessary deadlines.
  • Works with minimum supervision and exercises sufficient discretion and independent judgment.
  • Demonstrated leadership abilities.
  • Ability to effectively exchange information clearly and concisely, and present ideas, reports facts and other information, and respond to questions as appropriate.
  • Ability to prepare necessary reports, spreadsheet development and cost analysis.
  • Ability to maintain confidentiality.
  • Ability to work varying hours, including evenings, weekends and holidays as required.
  • Ability to perform other assignments at locations outside the office.
  • Ability and proficiency in the use of computers and company standard software specific to position.

  WORKING CONDITIONS:

  Work is performed in an office setting with no unusual hazards. Some travel is required.

  PAY RANGE:

  Actual compensation decision relies on the consideration of internal equity, candidate’s skills and professional experience, geographic location, market and other potential factors. It is not standard practice for an offer to be at or near the top of the range, and therefore a reasonable estimate for this role is between $80,900 and $211,900

• About the company

  AF Group (Lansing, Mich.) and its subsidiaries are a premier provider of innovative insurance solutions. Insurance policies may be issued by any of the following companies within AF Group: Accident Fund Insurance Company of America, Accident Fund Natio...

Notice